1

Topic: problem with checking external spf records

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.64
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: rocky 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server ( Nginx):
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

hello

i am having trouble getting emails delivered. some emails are coming through but there is a lot of rejection going on - see below - this is typical

**************************************************************
Aug  8 11:02:18 mailer journal[88022]: iredapd [SPF][github.com] No valid IP addresses/networks.
Aug  8 11:02:18 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record gmx.com: NoNameservers('All nameservers failed to answer the query gmx.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:20 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record google.com: NoNameservers('All nameservers failed to answer the query google.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:20 mailer journal[88022]: iredapd [SPF][hotmail.com] 'spf:' tag: _spf.google.com
Aug  8 11:02:21 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record _spf.google.com: NoNameservers('All nameservers failed to answer the query _spf.google.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:21 mailer journal[88022]: iredapd [SPF][include _spf.google.com] empty
Aug  8 11:02:21 mailer journal[88022]: iredapd [SPF][hotmail.com] No valid IP addresses/networks.
Aug  8 11:02:21 mailer journal[88022]: iredapd [SPF][icloud.com] No valid IP addresses/networks.
Aug  8 11:02:22 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record icontact.com: NoNameservers('All nameservers failed to answer the query icontact.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:23 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record inbox.com: NoNameservers('All nameservers failed to answer the query inbox.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:24 mailer journal[88022]: iredapd [SPF][instagram.com] No valid IP addresses/networks.
Aug  8 11:02:24 mailer journal[88022]: iredapd [SPF][iredmail.org] 'mx:' tag: iredmail.org
Aug  8 11:02:24 mailer journal[88022]: iredapd [SPF][iredmail.org] MX: mail.iredmail.org
Aug  8 11:02:24 mailer journal[88022]: iredapd [DNS][A] mail.iredmail.org -> 172.105.68.48
Aug  8 11:02:24 mailer journal[88022]: iredapd [SPF][iredmail.org] All IP addresses/networks: 172.105.68.48, 172.104.245.227, 2a01:7e01::f03c:91ff:fe74:9543, 2a01:7e01::f03c:93ff:fe25:7e10
Aug  8 11:02:25 mailer journal[88022]: iredapd [SPF][linkedin.com] No valid IP addresses/networks.
Aug  8 11:02:25 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record mail.com: NoNameservers('All nameservers failed to answer the query mail.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:26 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record mailchimp.com: NoNameservers('All nameservers failed to answer the query mailchimp.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:28 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record mailgun.com: NoNameservers('All nameservers failed to answer the query mailgun.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:29 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record mailjet.com: NoNameservers('All nameservers failed to answer the query mailjet.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:30 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record messagelabs.com: NoNameservers('All nameservers failed to answer the query messagelabs.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:31 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record microsoft.com: NoNameservers('All nameservers failed to answer the query microsoft.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:33 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record outlook.com: NoNameservers('All nameservers failed to answer the query outlook.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:34 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record ozhealthpharma.com.au: NoNameservers('All nameservers failed to answer the query ozhealthpharma.com.au. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:35 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record paypal.com: NoNameservers('All nameservers failed to answer the query paypal.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:36 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record pinterest.com: NoNameservers('All nameservers failed to answer the query pinterest.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:37 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record reddit.com: NoNameservers('All nameservers failed to answer the query reddit.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:39 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record sbcglobal.net: NoNameservers('All nameservers failed to answer the query sbcglobal.net. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:40 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record sendgrid.com: NoNameservers('All nameservers failed to answer the query sendgrid.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:41 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record sendgrid.net: NoNameservers('All nameservers failed to answer the query sendgrid.net. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:43 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record serverfault.com: NoNameservers('All nameservers failed to answer the query serverfault.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:44 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record sgp70.siteground.asia: NoNameservers('All nameservers failed to answer the query sgp70.siteground.asia. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:46 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record stackoverflow.com: NoNameservers('All nameservers failed to answer the query stackoverflow.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:48 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record tumblr.com: NoNameservers('All nameservers failed to answer the query tumblr.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:50 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record twitter.com: NoNameservers('All nameservers failed to answer the query twitter.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:54 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record washingtonpost.com: NoNameservers('All nameservers failed to answer the query washingtonpost.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:56 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record yahoo.com: NoNameservers('All nameservers failed to answer the query yahoo.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:02:59 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record yandex.ru: NoNameservers('All nameservers failed to answer the query yandex.ru. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:03:01 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record zendesk.com: NoNameservers('All nameservers failed to answer the query zendesk.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
Aug  8 11:03:03 mailer journal[88022]: iredapd [SPF] Error while querying DNS SPF record zoho.com: NoNameservers('All nameservers failed to answer the query zoho.com. IN TXT: Server 162.159.27.72 UDP port 53 answered REFUSED; Server 162.159.24.39 UDP port 53 answered REFUSED; Server 162.159.25.129 UDP port 53 answered REFUSED',)
****************************************************************************
i have installed this latest version but have backed up a previous database from which i had a few issues with different filed names etc, which i think i have resolved.

there was also a greylisting issue where it seemed the greylisting was not eventually letting mail through. i have disabled the greylisting for the time being.

any thoughts on what the sfp record is being rejected for just about everything?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: problem with checking external spf records

Do you use a valid DNS server in /etc/resolv.conf?

3

Re: problem with checking external spf records

thanks for the prompt reply

this is the contents...

# Generated by NetworkManager
search mailer.[mydomainname.com]
nameserver [ip of ns1]
nameserver [ip of ns2]
nameserver [ip of ns3]

4

Re: problem with checking external spf records

sorry, accidentally deleted the domain..

# Generated by NetworkManager
search mailer.[mydomainname.com] [mydomain.com]
nameserver [ip of ns1]
nameserver [ip of ns2]
nameserver [ip of ns3]

5

Re: problem with checking external spf records

ah ha!

your question lead me to explore other options...

although the file was self generated, i think i put those ips in  to the system at some point of the setup and they were wrong. i put in nameserver ips not resolver ips

thanks for the tip. hopefully that will solve this issue.